IPv4 and IPv6 Greynets
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org> Subject: Document Action: 'IPv4 and IPv6 Greynets' to Informational RFC The IESG has approved the following document: - 'IPv4 and IPv6 Greynets' <draft-baker-v6ops-greynet-05.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Ron Bonica. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-baker-v6ops-greynet/
Technical Summary This document proposes a simple extension to the treatment of a datagram received by a router destined to a receiver that does not exist. Current specifications have the router queuing the datagram while obtaining the needed MAC address from Neighbor Discovery, and upon failure of that discarding the datagram and responding ICMP Unreachable. Under administrative control, the datagram could instead be forwarded, or summarized and the summary forwarded, to an appropriate collector for offline analysis. This could be used, as similar darknet traffic is used, to detect and learn about attacks in the network. In essence, any address in a network that is not currently instantiated can be used as as "dark" or "grey" network address without additional impact on the network. Working Group Summary The operators in the working group indicated that the capability would be interesting and useful. Document Quality The document suggests existing protocols that could be used to transport the information, but does not specify a protocol. A prototype implementation was created for testing purposes but has not at this point been committed back to the open source community. Personnel Tim Chown is shepherd.